forked from aquasecurity/vuln-list
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMAL-2023-2479.json
35 lines (35 loc) · 1.11 KB
/
MAL-2023-2479.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
{
"id": "MAL-2023-2479",
"modified": "2023-08-24T20:12:58Z",
"published": "2023-02-23T19:03:08Z",
"summary": "Malicious code in adcpu (pypi)",
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: checkmarx (aa5dc890da9fcf136c6f31ef6d26bffd12f4dc4e8d57073af42cc29dcadc5dc1)\nEsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware\n",
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "adcpu",
"purl": "pkg:pypi/adcpu"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
],
"database_specific": {
"source": "https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/adcpu/MAL-2023-2479.json"
}
}
],
"references": [
{
"type": "ARTICLE",
"url": "https://medium.com/checkmarx-security/the-skeleton-squad-tracing-the-origins-and-scope-of-5000-malicious-packages-on-pypi-7516c16e4da9"
}
]
}